Well..well..well.. in a way I feel like idiot.. but in another it was a very
much a learning experience.
After checking over everything and recreating the 800mS to 2 second delays,
I found the problem.
When I first set up the lab, I spent some time working with the debugs for
ipsec, isakmp and
What eric is refering to is a couple different items. One is the forward
lookup of the name given on the command prompt, which I don't recall any
traceroute implementations which cause high latency for that.
Secondly is the reverse lookup many traceroute's will do if you give an IP
address as the
Darrell-
I like the tidbit about reverse lookup with traceroute.. I always wondered
why the Sun boxes were so slow at times during pings . Now I need to fire up
the sniffer and the x86 Solaris and see what I can see :) It would be my
luck that the x86 Solaris is different ..
Anyways.. this
I just set up a back to back PIX firewall test. Using IKE and IPsec with a
laptop on either end. One is a 520 (6.2) and the other is a 501 (6.2) and
Win2K and Win98 as clients. Everything works as it should but.. isnt there
always a but? the traceroute response time is something like 800mS. When I
it has nothing with the VPN tunnel but everything to do with DNS. if you
specify the
IP address in the /etc/hosts file, that will speed it up very quickly. I
have the same
setup like yours with the exception that I have franken pixes (Pix520) on
both ends
By the way, use version 6.2(2) on the
] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mike Sweeney
Sent: Monday, January 13, 2003 11:40 AM
To: [EMAIL PROTECTED]
Subject: response time between PIX with VPN [7:60981]
I just set up a back to back PIX firewall test. Using IKE and IPsec with
a laptop on either end. One is a 520 (6.2
In answer to Eric, there is not any DNS involved as the traceroute is IP
only... no name resolution needed.
In answer Ed's comments, I have both plugged into a switch and so it's not
*back to back* in the normal sense of the word.
MikeS
Message Posted at:
Check for duplex and speed settings on switch as well as interface errors
and collisions.
Mike Sweeney wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
In answer to Eric, there is not any DNS involved as the traceroute is IP
only... no name resolution needed.
In answer Ed's
Is ping that slow too? What else did you try? FTP? TFTP? Traceroute and
Telnet are sort of weird ways of testing response time, but a good start.
Can you put a sniffer on one of the Windows machines and see where the
delays are actually occuring?
Try to distinguish between a slow network and
9 matches
Mail list logo
